Skip to content

v1.2.0

Choose a tag to compare

View all tags
@beonde beonde released this 29 Sep 19:50
· 37 commits to main since this release
Immutable release. Only release title and notes can be modified.
v1.2.0
9bd7913
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

🚀 Capiscio CLI v1.2.0 - Security & Distribution Enhancement

Overview

Major release introducing JWS signature verification for agent card authenticity and consistent distribution formats across all platforms. This release focuses on security, user experience, and professional distribution standards.

🔐 New Security Features

JWS Signature Verification (RFC 7515 Compliant)

  • Secure by default - Automatic signature verification for all agent cards
  • Cryptographic validation - Verify agent card authenticity and publisher identity
  • JWKS support - Fetch JSON Web Key Sets from trusted HTTPS endpoints
  • Detached signatures - Support for external signature validation
  • Opt-out available - Use --skip-signature when signatures aren't needed
# Automatic signature verification (new default)
capiscio validate ./agent-card.json

# Skip verification when not needed
capiscio validate ./agent-card.json --skip-signature

🛠️ Technical Improvements

Website Integration

  • capisc.io links - Strategic placement for SEO and domain authority
  • Web validator discovery - Drive traffic to online validation tools
  • Brand consistency - Unified user experience across touchpoints

🔧 Installation & Usage

Quick Installation

# npm (Node.js 18+)
npm install -g capiscio-cli

New Security-First Usage

# Secure validation (default behavior)
capiscio validate ./agent-card.json

# Production deployment validation
capiscio validate ./agent-card.json --strict --registry-ready

# CI/CD with signature verification
capiscio validate https://agent.com --json --strict

🚨 Breaking Changes

⚠️ Signature Verification Default

  • Signature verification is now enabled by default
  • Agent cards without valid signatures will show warnings
  • Use --skip-signature to maintain v1.1.x behavior
  • No breaking changes for valid signed agent cards

📈 Performance & Reliability

Security Enhancements

  • HTTPS-only JWKS - Secure key fetching from trusted sources
  • Signature caching - Improved performance for repeated validations
  • Error handling - Graceful fallbacks for signature validation failures

🌐 Ecosystem Integration

Web Platform Integration

  • capisc.io integration - Seamless discovery of web-based tools
  • Documentation hub - Centralized resources at capisc.io/cli
  • Community building - Enhanced discoverability and engagement

🎯 Migration Guide

For Existing Users

  1. Update to v1.2.0 using your preferred package manager
  2. Test signature verification with your existing agent cards
  3. Add --skip-signature if you need to maintain old behavior temporarily

For New Users

  • Use default settings - Signature verification provides security out of the box
  • Try web validator - Visit capisc.io/validator for browser-based validation
  • Explore documentation - Complete guides at capisc.io/cli

🔗 Resources

For questions or issues, please visit capisc.io or open an issue.

Assets 3
Loading